[SECURITY-L] CAIS-Alerta: Vulnerabilidade no Cliente DNS (MS08-020)
CSIRT - UNICAMP
security em unicamp.br
Qua Abr 9 09:17:59 -03 2008
----- Forwarded message from Centro de Atendimento a Incidentes de Seguranca <cais em cais.rnp.br> -----
From: Centro de Atendimento a Incidentes de Seguranca <cais em cais.rnp.br>
Subject: CAIS-Alerta: Vulnerabilidade no Cliente DNS (MS08-020)
To: pop-seg em cais.rnp.br, rnp-alerta em cais.rnp.br, rnp-seg em cais.rnp.br
Date: Tue, 8 Apr 2008 17:16:28 -0300 (BRT)
-----BEGIN PGP SIGNED MESSAGE-----
Prezados,
O CAIS esta' repassando o alerta da Microsoft, intitulado "MS08-020 -
Important Vulnerability in DNS Client Could Allow Spoofing (945553)", que
trata de uma vulnerabilidade recem-descoberta nos clientes de DNS do
Windows.
A vulnerabilidade existe devido `a insuficiente aleatoriedade utilizada na
escolha de valores para as transacoes DNS quando uma consulta deste tipo
e' realizada.
Caso um atacante consiga explorar com sucesso esta vulnerabilidade, ele
podera impersonalizar ou redirecionar para maquinas ilegitimas o trafego
de internet do sistema.
Sistemas afetados:
. Microsoft Windows 2000 Service Pack 4
. Windows XP Service Pack 2
. Windows XP Professional x64 Edition
. Windows XP Professional x64 Edition Service Pack 2
. Windows Server 2003 Service Pack 1
. Windows Server 2003 Service Pack 2
. Windows Server 2003 x64 Edition
. Windows Server 2003 x64 Edition Service Pack 2
. Windows Server 2003 com SP1 para Sistemas baseados em Itanium
. Windows Server 2003 com SP2 para Sistemas baseados em Itanium
. Windows Vista
. Windows Vista x64 Edition
Correcoes disponiveis:
Recomenda-se fazer a atualizacao para as versoes disponiveis em :
. Microsoft Windows 2000 Service Pack 4
http://www.microsoft.com/downloads/details.aspx?FamilyId=41326ade-96b6-47ce-9291-d4e3039471c4
. Windows XP Service Pack 2
http://www.microsoft.com/downloads/details.aspx?FamilyID=893f4cef-0395-4c44-ba28-7a10b6e7dd48
. Windows XP Professional x64 Edition
http://www.microsoft.com/downloads/details.aspx?FamilyID=8fdd1207-6e93-4c43-bacc-fe3623a6ebe7
. Windows XP Professional x64 Edition Service Pack 2
http://www.microsoft.com/downloads/details.aspx?FamilyID=8fdd1207-6e93-4c43-bacc-fe3623a6ebe7
. Windows Server 2003 Service Pack 1
http://www.microsoft.com/downloads/details.aspx?FamilyId=214bd8f5-6eb2-414c-b013-c516a306d692
. Windows Server 2003 Service Pack 2
http://www.microsoft.com/downloads/details.aspx?FamilyId=214bd8f5-6eb2-414c-b013-c516a306d692
. Windows Server 2003 x64 Edition
http://www.microsoft.com/downloads/details.aspx?FamilyId=fd123394-a5d6-4b55-be74-2938f52ce922
. Windows Server 2003 x64 Edition Service Pack 2
http://www.microsoft.com/downloads/details.aspx?FamilyId=fd123394-a5d6-4b55-be74-2938f52ce922
. Windows Server 2003 com SP1 para Sistemas baseados em Itanium
http://www.microsoft.com/downloads/details.aspx?FamilyId=e0e63f03-904d-47ee-94fc-51a8dea668eb
. Windows Server 2003 com SP2 para Sistemas baseados em Itanium
http://www.microsoft.com/downloads/details.aspx?FamilyId=e0e63f03-904d-47ee-94fc-51a8dea668eb
. Windows Vista
http://www.microsoft.com/downloads/details.aspx?FamilyID=8203d303-c855-4579-9bbf-b06ddf5c1b87
. Windows Vista x64 Edition
http://www.microsoft.com/downloads/details.aspx?FamilyID=73f3a234-3973-4467-be7e-69efa7ee978c
Mais informacoes:
. MS08-020 - Important Vulnerability in DNS Client Could Allow Spoofing (945553)
http://www.microsoft.com/technet/security/Bulletin/MS08-020.mspx
. Microsoft Brasil Security
http://www.microsoft.com/brasil/security
. SANS ISC Handler's Diary 2008-04-08: April 2008 - Black Tuesday Overview
http://www.isc.sans.org/diary.html?storyid=4264
. Technet Brasil - Central de Seguranca
http://www.technetbrasil.com.br/seguranca
. Windows Live OneCare
http://safety.live.com/site/pt-BR/default.htm
Identificador CVE (http://cve.mitre.org): CVE-2008-0087
O CAIS recomenda que os administradores mantenham seus sistemas e
aplicativos sempre atualizados, de acordo com as ultimas versoes e
correcoes oferecidas pelos fabricantes.
Os Alertas do CAIS tambem sao oferecidos no formato RSS/RDF:
http://www.rnp.br/cais/alertas/rss.xml
Atenciosamente,
################################################################
# CENTRO DE ATENDIMENTO A INCIDENTES DE SEGURANCA (CAIS) #
# Rede Nacional de Ensino e Pesquisa (RNP) #
# #
# cais em cais.rnp.br http://www.cais.rnp.br #
# Tel. 019-37873300 Fax. 019-37873301 #
# Chave PGP disponivel http://www.rnp.br/cais/cais-pgp.key #
################################################################
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.6 (GNU/Linux)
Comment: Made with pgp4pine 1.76
iQCVAwUBR/vSoekli63F4U8VAQF49QQAmsOtumN2+/0l7xDQ9oC7qPIlXw3e14Nd
RPfIUeRiYXJ4kV0b7+7Ph9iddjm0AkkvBl/Wh3pLRhmnzbArgkvCjSDaNyF/sLKP
K9WQljOvJ2GhxMfU8u0K6BVolbTLWg9utqkqBfYPs4QqdYtN+In0pWhhz2T82xCX
NWVM8MsK4uU=
=5pgq
-----END PGP SIGNATURE-----
----- End forwarded message -----
Mais detalhes sobre a lista de discussão SECURITY-L